Vulnerability Name:

CVE-2014-7819 (CCN-98413)

Assigned:2014-10-30
Published:2014-10-30
Updated:2023-02-13
Summary:
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2014-7819

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: oss-security Mailing List, Thu, 30 Oct 2014 11:52:56 -0700
Arbitrary file existence disclosure in Sprockets (CVE-2014-7819)

Source: CCN
Type: oss-security Mailing List, Thu, 30 Oct 2014 13:29:05 -0700
[AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets

Source: CCN
Type: BID-70858
RubyGems Sprockets CVE-2014-7819 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
sprockets-cve20147819-info-disclosure(98413)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-7819

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:sprockets_project:sprockets:2.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:sprockets_project:sprockets:2.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:sprockets_project:sprockets:2.12.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:55267
    P
    		Security update for samba (Important)
    2021-11-16
    oval:org.opensuse.security:def:55950
    P
    		Security update for openssl (Low)
    2021-09-20
    oval:org.opensuse.security:def:26127
    P
    		Security update for postgresql12 (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:26116
    P
    		Security update for apache2 (Important)
    2021-09-02
    oval:org.opensuse.security:def:26115
    P
    		Security update for libesmtp (Important)
    2021-09-02
    oval:org.opensuse.security:def:20147819
    V
    		CVE-2014-7819
    2021-08-15
    oval:org.opensuse.security:def:36566
    P
    		rubygem-sprockets-2_2-2.2.1-0.7.11.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26191
    P
    		Security update for jasper (Important)
    2021-02-16
    oval:org.opensuse.security:def:55784
    P
    		Security update for spice (Important)
    2020-12-16
    oval:org.opensuse.security:def:55127
    P
    		Security update for openssl (Important)
    2020-12-11
    oval:org.opensuse.security:def:55678
    P
    		Security update for postgresql94 (Important)
    2020-12-01
    oval:org.opensuse.security:def:27564
    P
    		rubygem-sprockets-2_2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26833
    P
    		tgt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26319
    P
    		Security update for kde-cli-tools5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55104
    P
    		facter on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26891
    P
    		evolution-data-server on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56343
    P
    		Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:26457
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:56509
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26692
    P
    		evince on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55505
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:56628
    P
    		Security update for libICE (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26794
    P
    		openvpn on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26847
    P
    		yast2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56235
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26400
    P
    		Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:55105
    P
    		fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27529
    P
    		osc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56435
    P
    		Security update for libplist (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26541
    P
    		evince on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56547
    P
    		Security update for nautilus (Low)
    2020-12-01
    oval:org.opensuse.security:def:26745
    P
    		libexiv2-4 on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.bionic:def:201478190000000
    V
    		CVE-2014-7819 on Ubuntu 18.04 LTS (bionic) - low.
    2014-11-08
    oval:com.ubuntu.artful:def:20147819000
    V
    		CVE-2014-7819 on Ubuntu 17.10 (artful) - low.
    2014-11-08
    oval:com.ubuntu.xenial:def:20147819000
    V
    		CVE-2014-7819 on Ubuntu 16.04 LTS (xenial) - low.
    2014-11-08
    oval:com.ubuntu.xenial:def:201478190000000
    V
    		CVE-2014-7819 on Ubuntu 16.04 LTS (xenial) - low.
    2014-11-08
    oval:com.ubuntu.bionic:def:20147819000
    V
    		CVE-2014-7819 on Ubuntu 18.04 LTS (bionic) - low.
    2014-11-08
    oval:com.ubuntu.disco:def:201478190000000
    V
    		CVE-2014-7819 on Ubuntu 19.04 (disco) - low.
    2014-11-08
    oval:com.ubuntu.cosmic:def:20147819000
    V
    		CVE-2014-7819 on Ubuntu 18.10 (cosmic) - low.
    2014-11-08
    oval:com.ubuntu.cosmic:def:201478190000000
    V
    		CVE-2014-7819 on Ubuntu 18.10 (cosmic) - low.
    2014-11-08
    oval:com.ubuntu.trusty:def:20147819000
    V
    		CVE-2014-7819 on Ubuntu 14.04 LTS (trusty) - low.
    2014-11-08
    BACK
    sprockets_project sprockets 2.11.0
    sprockets_project sprockets 2.12.2
    sprockets_project sprockets 2.12.1